We had done quite some stuff without playing nasty with our phone. There are still a couple of things we can do but, in order to keep the awesomeness level we really have to go and root our device. You may have had read many horror histories about rooting. You might be frightened... You are right. I have heard histories of devices coming back from the Smart Cemetery and claim for revenge on those users that profaned their firmwares.....heresy!!!.

Well, actually, for me, rooting my phone is something I always do immediately after unboxing the device. Being able to root the phone is one of the requirements to chose it. It use to be a safe process but it is true that there is a chance of bricking the phone, specially if you are blindly following instructions.

We will not explain how to root your device. It is often a device dependent process and there are too many different cases to be covered there. Just search the Internet and look for the instructions for your model. Read everything you can and try to understand the process so you can react if something goes wrong. Yes, this is basically a disclaimer... root your device at your own risk.

SAFE ROOTING

Before continuing two more words on rooting Android devices. There are actually two safe ways to get root on Android.

The first one is to buy a Google Device. Google devices allows unlocking the bootloader (that is something you need to do in order to use fastboot and flash new firmware) and Google provides factory images for all their devices. In other words, even when they do not officially support the process there is a good support to go ahead in a safe way. They maybe other companies providing this kind of support. If you are aware of any, please add a comment.

The second one is to use the Android SDK emulator. Yep, the emulator you use for developing your Android Java apps emulates a whole (almost) rooted device. So for those of you who do not want to risk its "precious", let's go for the emulator.

First thing to do is to create a device to run your Android system. Setup your PATH environmental variable to point to your Android SDK tools folder and type

~aaxh $ android avd

AVD stands for Android Virtual Device. Basically it is a tool to define tour "virtual hardware". OK, do not worry, you will get a nice user interface to work with
AVD. Android Virtual Device Manager
You can play later with the different option. Right now just press the "Device Definitions" tab and chose a device... for example Nexus 5. Press "Create AVD", select one skin and then press OK. If you feel brave enough you can try to change some parameters.... At least the AVD Name.
AVD. Android Virtual Device Manager. Device Definitions
Once created, your test device should look like this (more or less)
AVD Virtual Device for AAXH testing
The new created Virtual Device is now available and a "Start..." button is now enabled.... you do know what to do, don't you?
Booting your emulated Android will take a while, but you can login in your just created virtual machine, before the Android screen is shown.

POCKET LINUX

Now that you can feel the power is time to install GNU/Linux on your phone. Actually Linux is already there. In a way, Android is just another Linux distribution, but really stripped down... and we want to have GNU/Linux in there, not just regular Linux.
There are different option on how to deploy your preferred application on your phone. We will talk about one, Buildroot (http://buildroot.uclibc.org/download.html). Just go there, download it and uncompress the tar somewhere in your disk.
Buildroot follows the same approach that busybox and the Linux kernel so you should already know what to do.
But in case you are feeling lazy.

There you go. You should see something like this
Buildroot make menuconfig. Main Screen
Now you have to set a couple of options:
Target Options

Target Architecture ► ARM Little endian

Target Architecture Variant ► cortex-A9

The architecture Variant depends on your device. You will have to find out the architecture. Otherwise you can always select a lower architecture. If you are using the emulator chose cortex-A9, cortex-A15 (or the default floating point selection) doesn't work on the emulator. When you are done you should see something like this:
AAXH05. Buildroot menuconfig. Architecture Options
The next thing to select is the toolchain
Toolchain

ToolChain Type ► External toolchain

You can select the Buildroot toolchain. In that case buildroot will build its own toolchain and it will allow you to fine tune it. Building the toolchain take quite a while so, for the first test it is better if you select the default external toolchain.
In general the Linaro toolchains are the most up to date ones. If you want to use those you have to select a cortex-A variant architecture + target ABI (EABIhf) in the target options. EABIhf stands for hard floating point, and in general will produce faster code.
AAXH05. Buildroot menuconfig. Toolchain Options
Finally, you may want to go into the Target packages option and select some application that you want to have in your phone. Note that all the applications you select will be downloaded from Internet and compiled. In other words, if you select a lot of applications, the first compilation will take quite a long time.
For the first build we will just select nmap to convert our phone in a basic penetration testing tool :).
Go into networking applications and select nmap.
Now we are done. Just leave the interface selecting Exit as many times as required until you are asked to save your configuration. Save it and get back to the bash prompt.
Now type make and wait. If you have many cores in your box you might want to run make -j N_cores.
Buildroot will do its magic. The first time it has to download/build quite some stuff (including the toolchain) so to you better go and grab some coffee or take a walk in the park
...
Some coffees later....

STARTING OUR BRAND NEW GNU/LINUX

Now we have to dump our brand new GNU/Linux on the phone. Actually what we have to deploy is the root filesystem that buildroot had created for us. This is quite easy
Unless you had chose some fancy option (something you shouldn't had done at least the first time :), your root filesystem should be under output/images. So, let's copy it into our emulator:

We are almost done. Now we will start a chroot environment under our buildroot filesystem, and for that we have to mount a couple of pseudo filesystems. We actually have to bind those mounts to the real ones on the device. OK, anyhow, this is what you have to do

We are just starting a shell without running any initialisation script so nothing is setup. The very minimal thing we have to setup is the PATH variable in order to be able to execute the application in our new Linux. Now we can run nmap from our phone to look for open ports in our device. You should see something like this:

That.... Is.... Awesome!!!... isn't it?
Now you can rerun menuconfig and start adding your own tools to customise your Linux in your pocket. Not all of them will work, but most of the generic, console based applications will just work.
Happy Hacking
Awesome Wells